Privacy Policy

Effective Date: 23rd December 2025

Optain Health, Inc. and its related entities (“Optain Health,” “we, “our”) is committed to protecting the privacy and security of the information we collect and to being transparent about the ways in which we collect and process your information. This Privacy Policy sets forth our policies and practices for handling the information we collect from or about you from our websites and online service that we operate and that link to this Privacy Policy as well as through any offline interactions with you (the “Services”).

This Privacy Policy does not apply to information about patients that we process when we act as (i) a data processor of our customers or (ii) a business associate of a covered entity that is subject to the Health Insurance Portability and Accountability Act (“HIPAA”). Instead, you should review the Privacy Policy or HIPAA Notice of Privacy Practices provided by the applicable controller or covered entity, such as your healthcare provider, to understand how your retinal images and related health information may be processed.

We may provide additional privacy notices to individuals at the time we collect their data. For example, we provide a specific privacy notice to clinical research participants that describes our privacy practices in connection with conducting clinical research. This type of an “in-time” notice will govern how we may process the information you provide at that time, rather than this Privacy Policy.

This Privacy Policy does not apply to our processing of employee or job applicant data.

  1. COLLECTION OF INFORMATION

    We collect personal information from you when you use or interact with our Services, including:

    • Information you provide directly to us.
      • Contact Information, including name, email address, telephone or mobile phone number, address;
      • Sign-In Information, including username and password, account name;
      • Commercial and business information, including employment and professional information, job title, educational information, records of products or services purchased, obtained, or considered;
      • Payment and Financial Information, including bank account details, tax information, account holder names, banking institution information, payment instructions, and invoice details provided to us for the purpose of processing payments, orders and fund transfers; and
      • Correspondence you send to us.
    • Information we collect automatically. We collect internet, electronic activity, and other information automatically from the devices and browsers that you use, including your device type; Internet protocol (IP) address; device and advertising identifiers; browser type and version; operating system and platform; Internet service provider; usage data such as session information; referral information such as referral URLs and search terms; system and technical logs; and device performance metrics. If you or your device experiences an error, we collect information about the error, the time the error occurred, the feature being used, the state of the application when the error occurred, and any communications or content provided at the time the error occurred.

    We may also receive the categories of information described above from other sources, including from users of our Services, via publicly available sources, from third-party data providers for sales and marketing purposes, and from healthcare providers and insurers to understand reimbursement measures and healthcare coverage information. Information that is collected when you use the Services may be combined with other information provided by you or collected from third parties.

    We may aggregate or de-identify the information described above. Aggregated or de-identified data is not subject to this Privacy Policy.

  2. USE OF INFORMATION AND PURPOSE OF DATA PROCESSING

    We may use and otherwise process each of the categories of information identified above for the following business purposes:

    Purpose/Activity Legal basis (where applicable)
    To provide you with the information, products and services that you request from us; to allow you to participate in interactive features of our Services, when you choose to do so; to manage accounts; and to manage our relationship with you, including providing you with the information, products and services that you request from us, and notifying you about changes to our terms or Privacy Policy. (a) Performance of a contract with you
    (b) Necessity to comply with a legal obligation
    (c) Necessity for our legitimate interests (for example, to keep our records updated)
    To make suggestions and recommendations to you about things that are similar to those that you have enquired about or may otherwise be of interest to you, or to send promotional materials from us or by our affiliates and trusted business partners. (a) Necessity for our legitimate interests (for example, to grow our business)
    To improve our Services and to ensure that content is presented in the most relevant and effective manner for you and for your device; to administer our Services, including troubleshooting, data analytics, testing, research, statistical and survey purposes; to keep our Services, business and users safe and secure; to comply with applicable laws and regulations; and to protect or exercise our legal rights or defend against legal claims. (a) Necessity for our legitimate interests (for example, to manage and protect our business; to provide administration and IT services; for network security and to prevent cybercrime and fraud; in the context of a business reorganization or a group restructuring exercise; to analyze how people use our Services, to develop the Services, to keep our Services updated and relevant, to grow our business and to inform our communications strategy, and so forth)
    (b) Necessity to comply with a legal obligation

    Where legally required and we have no other valid legal basis to process your information, we will obtain your consent, which may subsequently be withdrawn at any time by contacting us. Withdrawing consent does not affect the lawfulness of processing based on consent before it is withdrawn.

  3. DISCLOSURE OF INFORMATION

    We are committed to maintaining your trust, and we want you to understand when and with whom we may share the information we collect. We may disclose the information identified above to the following categories of third parties:

    • Authorized third-party vendors and service providers. We share your information with third-party vendors and service providers that provide services to us for a variety of business purposes, such as billing, payment processing, customer service, email deployment, advertising and marketing, security and performance monitoring, maintaining or servicing accounts, processing or fulfilling orders and transactions, verifying customer information, research, data hosting, auditing, and data processing.
    • Corporate affiliates. We may share your information with our corporate affiliates.
    • Business transfers. We may share your information in connection with a substantial corporate transaction, such as the sale of a website, a merger, consolidation, asset sale, initial public offering, or in the unlikely event of bankruptcy.
    • Legal purposes. We may disclose information to respond to subpoenas, court orders, legal process, law enforcement requests, legal claims or government inquiries, and to protect and defend the rights, interests, safety, and security of Optain Health, our affiliates, users, or the public.
    • At your direction or with your consent. We may share information for any other purposes disclosed to you at the time we collect the information or pursuant to your consent.

    If you access third-party services, such as social media services or third-party single-sign on tools, through the Services, these third-party services may be able to collect information about you, including information about your activity on the Services, and they may notify your connections on the third-party services about your use of the Site, in accordance with their own privacy policies.

    Optain Health does not sell your personal information for monetary consideration to third parties. We do in some cases permit third parties to collect the information described in this Privacy Policy through our Services or may disclose such information to third parties for business purposes as described in this Privacy Policy.

  4. ADVERTISING, COOKIES AND SIMILAR TECHNOLOGIES

    When you use our Services, we and our third party partners (including advertising networks and exchanges, Internet service providers, data analytics providers, operating systems and platforms, and social networks, and entities that sell data) use cookies, pixel tags, local storage, and other similar technologies (collectively, “cookies”) to collect information from your browser or device. By using the Services, you consent to our use of cookies and similar technologies.

    The following types of cookies are used on our Services:

    • Essential cookies – These cookies enable you to use our Services. These cookies are essential to enable you to browse our Services and use certain features. Disabling them may prevent you from using certain parts of the Services. These cookies also help keep our Services safe and secure.
    • Preference cookies – These cookies store information such as your preferred country and language selection, login data and website preferences. Without these cookies, our Services may not be able to remember certain choices you’ve previously made (such as a saved country or language preference) or personalize your browsing experience by providing you with relevant information. These cookies can also be used to recognize your device so that you do not have to provide the same information more than once.
    • Performance cookies – These cookies collect information about how you use our Services such as which pages you visit regularly. These cookies are used to provide you with a high-quality experience by doing things such as tracking page load, site response times, and error messages.
    • Content / advertising cookies – These cookies gather information about your use of our Services so we, and third-party partners, may improve your experience and provide you with more relevant content and advertising on our Services and elsewhere online and across your devices. They are also used to gather feedback on customer satisfaction through surveys. They remember that you’ve visited our Services and help us understand usage of our Services.

    Do-Not-Track Signals and Similar Mechanisms. Some mobile and web browsers transmit “do-not-track” signals. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. We currently do not take action in response to these signals.

  5. YOUR RIGHTS AND CHOICES

    You may be entitled, in accordance with applicable law (and subject to applicable limitations or exemptions), to request access to, correction, erasure, or portability of your information, to request more information about our data processing, as well as to object to or request restriction of processing of your information. Requests should be submitted in writing as set out below. If you become aware of changes or inaccuracies in your information, you should inform us of such changes so that the information may be updated or corrected. Once we receive your request, we will verify it in accordance with applicable law. You may be entitled, in accordance with applicable law, to submit a request through an authorized agent.

    You may be able to refuse or disable cookies by adjusting your web browser settings. Some browsers have options that allow the visitor to control whether the browser will accept cookies, reject cookies, or notify the visitor each time a cookie is sent. Because each web browser is different, please consult the instructions provided by your web browser (typically in the “help” section). If you choose to refuse, disable, or delete these technologies, some of the functionality of the Services may no longer be available to you and any differences in service are related to the data. Deleting cookies may in some cases cancel the opt-out selection in your browser.

    We will not discriminate against you for exercising your rights and choices, although some of the functionality and features available on the Service may change or no longer be available to you.

    You may lodge a complaint with a supervisory authority if you believe our processing of your information is unlawful.

  6. INTERNATIONAL TRANSFERS

    By using the Services and providing us with information, you understand that we may transfer and store your information on servers located outside your resident jurisdiction, including in countries that may not provide the same level of data protection as the jurisdiction where you reside. We take appropriate steps to ensure that such personnel and third-party vendors are bound to duties of confidentiality, and the Company implements measures such as standard data protection contractual clauses to ensure that any transferred information, remains protected and secure. A copy of these clauses can be obtained by contacting us at the email address listed below.

  7. CHILDREN

    We do not knowingly collect or sell any information from children, as defined by applicable law, without parental consent or as otherwise permitted by applicable law.

  8. SECURITY, AND INTEGRITY

    We maintain reasonable security measures to safeguard information from loss, theft, interference, misuse, unauthorized access, disclosure, alteration, or destruction. We also maintain reasonable procedures to help ensure that such data is reliable for its intended use and is accurate, complete, and current. You should understand that no data storage system or transmission of data over the Internet or any other public network can be guaranteed to be 100 percent secure, accurate, complete, or current. Please note that information collected by third parties may not have the same security protections as information you submit to us, and we are not responsible for protecting the security of such information.

  9. CHANGES TO THE PRIVACY POLICY

    We may modify this Privacy Policy from time to time. When we update the Privacy Policy, we will revise the “Effective Date” date above and post the new Privacy Policy. We recommend that you review the Privacy Policy each time you visit the Services to stay informed of our privacy practices.

  10. CONTACT INFORMATION

    If you have any questions about this Privacy Policy or our practices, please contact us via privacy@optainhealth.com.